package com.mulesoft.connectors.sharepoint.internal.service.security.kerberos;

import com.mulesoft.connectors.sharepoint.internal.utils.ConnectorUtils;
import java.nio.charset.StandardCharsets;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.impl.auth.AuthSchemeBase;
import org.apache.http.message.BasicHeader;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.CharArrayBuffer;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connectors/sharepoint/internal/service/security/kerberos/SharepointGGSSchemeBase.class */
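/**
 * Base class for GSS-API backed HTTP authentication schemes that answer a challenge with an
 * {@code Authorization: Negotiate <base64 token>} header.
 *
 * <p>The token is produced by logging in through the JAAS configuration entry named
 * {@code "Kerberos"} with the caller's username and password, then running the first
 * {@code initSecContext} call as the resulting {@link Subject}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The GSS context is created per call and released after the first leg. Mutual
 *       authentication is requested, but this class never feeds the server's reply token back
 *       into the context, so the server's identity is not verified here.</li>
 *   <li>Credential delegation is requested unconditionally (see {@link #generateGSSToken}).</li>
 *   <li>Negotiate tokens are authentication material; only their size is written to the log.</li>
 * </ul>
 *
 * <p>Instances hold mutable per-exchange state ({@code token}, {@code spn}, {@code isComplete})
 * without synchronization.
 */
public abstract class SharepointGGSSchemeBase extends AuthSchemeBase {
    private static final String HTTP_PROXY_HOST = "http.proxy_host";
    private static final String HTTP_TARGET_HOST = "http.target_host";
    private static final String SENDING_RESPONSE_DEBUG_MESSAGE = "Sending response {} back to the auth server";
    private static final String RECEIVED_CHALLENGE_DEBUG_MESSAGE = "Received challenge {} from the auth server";
    private static final Logger logger = LoggerFactory.getLogger(SharepointGGSSchemeBase.class);
    private byte[] token;
    private String spn;
    private boolean isComplete = false;
    private final Base64 base64codec = new Base64();

    /**
     * Privileged action that performs the first {@code initSecContext} leg on a GSS context.
     *
     * <p>Decompiler note: the original class was declared {@code private}.
     */
    public static final class CreateServiceTicketAction implements PrivilegedExceptionAction<byte[]> {
        private final GSSContext context;
        private final byte[] token;

        private CreateServiceTicketAction(GSSContext gSSContext, byte[] bArr) {
            this.context = gSSContext;
            this.token = bArr;
        }

        /**
         * Calls {@code initSecContext} with the stored input token.
         *
         * @return the output token produced by the GSS context
         * @throws GSSException if the context cannot be initiated
         */
        @Override // java.security.PrivilegedExceptionAction
        public byte[] run() throws GSSException {
            return this.context.initSecContext(this.token, 0, this.token.length);
        }
    }

    /**
     * Creates the scheme with an optional service principal name.
     *
     * <p>Decompiler note: the original constructor was package-private.
     *
     * @param str the SPN to request a ticket for; when blank, {@code "HTTP/" + host} is derived
     *     on the first call to {@link #generateGSSToken}
     */
    public SharepointGGSSchemeBase(String str) {
        this.spn = str;
    }

    /**
     * Returns the GSS manager used to create names and contexts.
     *
     * @return the default {@link GSSManager} instance
     */
    protected GSSManager getManager() {
        return GSSManager.getInstance();
    }

    /**
     * Builds an initiator GSS context for the configured SPN and returns its first output token.
     *
     * <p>Decompiler note: the original method was declared {@code protected}.
     *
     * @param credentials the username/password credentials used for the JAAS login
     * @param oid the mechanism OID used to canonicalize the name and create the context
     * @param str the host name used to derive the SPN when none was configured
     * @return the first-leg GSS token (may be empty, see {@code getToken})
     * @throws GSSException if the name, context or token cannot be created, or the login fails
     */
    public byte[] generateGSSToken(Credentials credentials, Oid oid, String str) throws GSSException {
        // NOTE(review): the derived SPN is cached on the instance, so a later call with a different
        // host reuses the SPN of the first host. Confirm instances are never shared across hosts.
        if (ConnectorUtils.isBlank(this.spn)) {
            this.spn = "HTTP/" + str;
        }
        GSSManager manager = getManager();
        GSSContext gssContext = manager.createContext(
                manager.createName(this.spn, (Oid) null).canonicalize(oid),
                oid,
                (GSSCredential) null,
                GSSContext.DEFAULT_LIFETIME);
        try {
            gssContext.requestMutualAuth(true);
            // NOTE(review): delegation is requested for every target. Where the mechanism and KDC
            // policy allow it, the remote service receives credentials it can use to act as this
            // user against other services. Confirm the deployment needs this; otherwise it should
            // be opt-in per connection rather than hard-coded.
            gssContext.requestCredDeleg(true);
            return getToken(credentials, gssContext);
        } finally {
            // The context is never used after the first leg; release its keys and native state.
            try {
                gssContext.dispose();
            } catch (GSSException disposeFailure) {
                logger.debug("Failed to dispose GSS context", disposeFailure);
            }
        }
    }

    /**
     * Logs in through the {@code "Kerberos"} JAAS entry and runs the first context leg as that
     * subject.
     *
     * @param credentials the username/password credentials for the login
     * @param gSSContext the initiator context to drive
     * @return the output token, or an empty array when the privileged action failed with a
     *     cause other than {@link GSSException}
     * @throws GSSException with major code {@code NO_CRED} when credentials are missing or the
     *     login fails, or the original exception raised by {@code initSecContext}
     */
    private byte[] getToken(Credentials credentials, GSSContext gSSContext) throws GSSException {
        if (credentials == null || credentials.getUserPrincipal() == null) {
            throw new GSSException(GSSException.NO_CRED, -1, "No user credentials supplied for Kerberos login");
        }
        final LoginContext loginContext;
        try {
            loginContext = new LoginContext(
                    "Kerberos",
                    getUsernamePasswordHandler(credentials.getUserPrincipal().getName(), credentials.getPassword()));
            loginContext.login();
        } catch (LoginException loginFailure) {
            GSSException wrapped = new GSSException(GSSException.NO_CRED, -1, loginFailure.getMessage());
            wrapped.initCause(loginFailure); // keep the JAAS failure for diagnostics
            throw wrapped;
        }
        try {
            // The first leg of an initiator context takes an empty input token.
            return Subject.doAs(loginContext.getSubject(), new CreateServiceTicketAction(gSSContext, new byte[0]));
        } catch (PrivilegedActionException e) {
            logger.error(e.getMessage(), e);
            if (e.getCause() instanceof GSSException) {
                throw (GSSException) e.getCause();
            }
            // NOTE(review): a non-GSS failure yields an empty token, which the caller turns into
            // a bare "Negotiate " header. Kept for compatibility; failing fast may be preferable.
            return new byte[0];
        } finally {
            // Drop the credentials acquired by this login once the token has been produced,
            // instead of leaving them attached to an unreachable Subject.
            try {
                loginContext.logout();
            } catch (LoginException logoutFailure) {
                logger.warn("Kerberos logout failed", logoutFailure);
            }
        }
    }

    /**
     * Returns a JAAS callback handler that answers name and password callbacks with the given
     * values and ignores every other callback type.
     *
     * @param str the username
     * @param str2 the password; {@code null} is passed through so the login module rejects it
     *     instead of this handler failing with a {@link NullPointerException}
     */
    private CallbackHandler getUsernamePasswordHandler(String str, String str2) {
        return callbackArr -> {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(str);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(str2 == null ? null : str2.toCharArray());
                }
            }
        };
    }

    /**
     * Produces the mechanism-specific token for the given host.
     *
     * @param credentials the caller's credentials
     * @param str the authentication host name
     * @return the token to send in the {@code Negotiate} header
     * @throws GSSException if the token cannot be generated
     */
    protected abstract byte[] generateToken(Credentials credentials, String str) throws GSSException;

    /** Returns {@code true} once {@code authenticate} has produced a token or failed. */
    @Override // org.apache.http.auth.AuthScheme
    public boolean isComplete() {
        return this.isComplete;
    }

    /**
     * Context-free variant; always returns {@code null}.
     *
     * @deprecated use {@link #authenticate(Credentials, HttpRequest, HttpContext)}, which needs
     *     the execution context to resolve the authentication host
     */
    @Override // org.apache.http.auth.AuthScheme
    @Deprecated
    public Header authenticate(Credentials credentials, HttpRequest httpRequest) throws AuthenticationException {
        return null;
    }

    /**
     * Generates the {@code Authorization: Negotiate} header for the proxy or target host found
     * in the execution context.
     *
     * @param credentials the caller's credentials
     * @param httpRequest the request being authenticated (not read here)
     * @param httpContext the execution context holding the proxy/target {@link HttpHost}
     * @return the header carrying the base64-encoded token
     * @throws InvalidCredentialsException when GSS reports defective, expired or missing
     *     credentials
     * @throws AuthenticationException when the host is not available in the context or any
     *     other GSS failure occurs
     */
    public Header authenticate(Credentials credentials, HttpRequest httpRequest, HttpContext httpContext) throws AuthenticationException {
        if (httpContext == null) {
            throw new AuthenticationException("HTTP context is required to resolve the authentication host");
        }
        final HttpHost host = (HttpHost) httpContext.getAttribute(isProxy() ? HTTP_PROXY_HOST : HTTP_TARGET_HOST);
        if (host == null) {
            throw new AuthenticationException("Authentication host is not set in the execution context");
        }
        try {
            String hostName = host.getHostName();
            logger.debug("init {}", hostName);
            this.token = generateToken(credentials, hostName);
            this.isComplete = true;
            String encoded = new String(this.base64codec.encode(this.token), StandardCharsets.UTF_8);
            // The token authenticates the user to the service; never write it to the log.
            logger.debug(SENDING_RESPONSE_DEBUG_MESSAGE, redacted(encoded.length()));
            return new BasicHeader("Authorization", "Negotiate " + encoded);
        } catch (GSSException e) {
            this.isComplete = true;
            int major = e.getMajor();
            if (major == GSSException.DEFECTIVE_CREDENTIAL
                    || major == GSSException.CREDENTIALS_EXPIRED
                    || major == GSSException.NO_CRED) {
                throw new InvalidCredentialsException(e.getMessage(), e);
            }
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    /**
     * Decodes the base64 challenge carried by the server's {@code Negotiate} header and stores it.
     *
     * @param charArrayBuffer the buffer holding the challenge header value
     * @param i the start index of the challenge within the buffer
     * @param i2 the end index of the challenge within the buffer
     */
    @Override // org.apache.http.impl.auth.AuthSchemeBase
    protected void parseChallenge(CharArrayBuffer charArrayBuffer, int i, int i2) throws MalformedChallengeException {
        String challenge = charArrayBuffer.substringTrimmed(i, i2);
        logger.debug(RECEIVED_CHALLENGE_DEBUG_MESSAGE, redacted(challenge.length()));
        this.token = this.base64codec.decode(challenge.getBytes(StandardCharsets.UTF_8));
    }

    /** Describes a token by its encoded size only, so log lines carry no authentication material. */
    private static String redacted(int encodedLength) {
        return "[redacted, " + encodedLength + " chars]";
    }
}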
